GM/T 0030-2014 English PDF (GMT0030-2014)


GM/T 0030-2014: Cryptographic server technical specification
GM/T 0030-2014
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L80
File No.: 44631-2014
Cryptographic server technical specification
ISSUED ON: FEBRUARY 13, 2014
IMPLEMENTED ON: FEBRUARY 13, 2014
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Functional requirements of cryptographic server
5.1 Initialization
5.2 Crypto-operation
5.3 Key management
5.4 Random-number generation and test
5.5 Access control
5.6 Device management
5.7 Log audit
5.8 Equipment self-test
6 Hardware requirements of cryptographic server
6.1 External interface
6.2 Random-number generator
6.3 Environmental adaptability
6.4 Reliability
7 Software requirements of cryptographic server
7.1 Basic requirements
7.2 Application program interface (API)
7.3 Management tool
8 Security requirements of cryptographic server
8.1 Cryptographic algorithm
8.2 Key management
8.3 System requirements
8.4 Use requirements
8.5 Management requirements
8.6 Physical security protection for equipment
8.7 Device state
8.8 Process protection
9 Test requirements of cryptographic server
9.1 Inspection of appearance and structure
9.2 Test of submitted documents
9.3 Function test
9.4 Performance test
9.5 Environmental adaptability test
9.6 Other tests
10 Qualification evaluation
Cryptographic server technical specification
1 Scope
This standard defines the terms relevant to cryptographic servers and specifies
their functional requirements, hardware requirements, software requirements,
security requirements and test requirements.
This standard applies to the development and usage of cryptographic servers,
and it can also be used to guide the testing of cryptographic servers.
2 Normative references
The following documents are essential for the application of this document. For
dated references, only the dated version applies to this document. For undated
references, the latest edition (including all amendments) applies to this
document.
GB/T 9813 Generic specification for microcomputers
GM/T 0005 Randomness test specification
GM/T 0018 Cryptographic equipment application interface specification
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Cryptographic server
Also known as a host encryption server; equipment that can provide multiple
application entities, independently or in parallel, with cryptographic service
and key management.
3.2
Symmetric cryptographic algorithm
A cryptographic algorithm that uses the same key to encrypt and decrypt.
key-pair and encryption key-pair. It is used for device management to represent
the identity of cryptographic server.
Key encryption key: a symmetric key that is replaced periodically and protects
the session key in the case of a pre-assigned key. A cryptographic server may
choose to support key encryption keys.
Session key: used for data encryption and decryption.
5.3.3 Key generation and installation
Manager key: generated or installed by the management tool used in device
initialization; it is stored in a secure storage area inside the cryptographic
server.
User key: consists of a signature key and an encryption key. The signature key
is generated or installed by the cryptographic server; generation using a
physical noise source chip must be supported, and the use of strong prime
numbers must be supported. The encryption key is issued to the device by the
key management system; the format for issuing the encryption key follows the
rules for the protection format of the encryption key given in GM/T 0018; and
a storage area for a certain number of user key-pairs must be supported
according to the system requirements. The private key of a user key-pair must
support secure storage inside the hardware; it is appropriate to support access
control for the private key by means of a private-key access password.
Device key: consists of a signature key and an encryption key. The signature
key is generated or installed by the management tool when the device is
initialized; the encryption key is issued to the device by the key management
system. The device key is stored in the secure storage area inside the
cryptographic server.
Key encryption key: generated or installed by the cryptographic equipment
management tool, which must support generation using a physical noise source
chip; a storage area for a certain number of key encryption keys must be
supported according to the system requirements; this key must support secure
storage inside the cryptographic server.
Session key: generation using a physical noise source chip must be supported to
ensure the quality of the session key; replacing the session key for every
session (one key per session) must be supported. The session key must not be
exported from the cryptographic server in plaintext. When a session key is
stored for a long time, encrypted storage under the protection of a user
key-pair or a key encryption key must be supported.
5.3.4 Key usage
Symmetric key. According to symmetric key index-number or other key unique
interface, management operations can be carried out, such as key generation,
installation, backup, recovery, and log query.
Management personnel shall be identified before they enter the management
interface. Different management operations shall require different operating
authorization.
5.6 Device management
It is appropriate for the cryptographic server to support being managed by a
management center; the device management function shall be implemented
according to the requirements of the competent department of the state
cryptography administration.
5.7 Log audit
The cryptographic server shall provide log recording, log viewing and log
exporting functions.
Log content includes:
a) Administrator operation behavior, including login authentication, system
configuration and key management;
b) Abnormal events, including records of events such as authentication
failure and unauthorized access;
c) If the server is connected to an equipment management center, records of
the corresponding operations.
5.8 Equipment self-test
The cryptographic server shall perform a self-test at power-on and when it
receives a self-test command.
The self-test shall include a correctness check of the cryptographic
algorithms, a test of the random-number generator and an integrity test of
stored keys and data.
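The three self-test items of 5.8, sketched as a power-on routine; this is an added example, not text from GM/T 0030-2014. SHA-256 as the algorithm under test, the monobit frequency check as the random-number test, the HMAC tag over stored data, the 0.01 threshold and the `ready`/`error` states are all assumptions chosen for illustration.

```python
import hashlib, hmac, math

# Known-answer vector: SHA-256("abc"). SHA-256 stands in for whichever
# algorithms the device implements (assumption, not from the standard).
KAT_INPUT = b"abc"
KAT_DIGEST = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

def algorithm_kat() -> bool:
    """Correctness check: the algorithm must reproduce a fixed known answer."""
    return hmac.compare_digest(hashlib.sha256(KAT_INPUT).hexdigest(), KAT_DIGEST)

def monobit_p_value(sample: bytes) -> float:
    """Monobit frequency check: p-value for the balance of ones and zeros."""
    n = len(sample) * 8
    ones = sum(bin(b).count("1") for b in sample)
    excess = abs(2 * ones - n)            # |#ones - #zeros|
    return math.erfc(excess / math.sqrt(2 * n))

def rng_test(sample: bytes, alpha: float = 0.01) -> bool:
    """Pass when the p-value reaches alpha (alpha is an assumed threshold)."""
    return len(sample) > 0 and monobit_p_value(sample) >= alpha

def integrity_tag(integrity_key: bytes, blob: bytes) -> bytes:
    """Tag written next to the stored keys and data when they are saved."""
    return hmac.new(integrity_key, blob, hashlib.sha256).digest()

def storage_integrity(integrity_key: bytes, blob: bytes, stored_tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(integrity_tag(integrity_key, blob), stored_tag)

def self_test(rng_sample, integrity_key, blob, stored_tag) -> dict:
    """Run all three checks; any failure puts the device in the error state."""
    results = {
        "algorithm": algorithm_kat(),
        "rng": rng_test(rng_sample),
        "storage": storage_integrity(integrity_key, blob, stored_tag),
    }
    results["state"] = "ready" if all(results.values()) else "error"
    return results

if __name__ == "__main__":
    key, blob = b"k" * 32, b"constructed key store"   # constructed sample data
    tag = integrity_tag(key, blob)
    balanced = bytes([0xAA]) * 1024    # constructed: equal ones and zeros
    stuck = b"\x00" * 1024             # constructed: noise source stuck at 0
    print(self_test(balanced, key, blob, tag))
    print(self_test(stuck, key, blob, tag))
    print(self_test(balanced, key, blob + b"!", tag))
```

The balanced sample passes even though it is a fixed pattern, which is why a single frequency check is not enough on its own and a test suite applies several independent items.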
6 Hardware requirements of cryptographic server
6.1 External interface
The cryptographic server shall provide a service interface and a management
interface as separate interfaces.
It supports external RJ-45 Ethernet interface, serial interface, fiber channel,
USB and other hardware interface protocols of current mainstream servers. It
• Test items: Test the collected random numbers according to the 12 test
items of GM/T 0005, that is, all except the discrete Fourier test, the linear
complexity test and the universal statistical test.
• Test-pass standard. If one item f...